When building an awesome web app or website, we sometimes want people to be able to embed parts of our web app/website into their own. That could be an iframe holding a 'like' button, a simple image that they want to reuse or even our entire app embedded in an iframe.
But how do we control who has access, who is allowed to use up our bandwidth and query our service?
We define the problem as > controlling access to assets
By assets we mean: anything that can be queried from our site.
Allow some, block all
When talking about access control, we enter the domain of security. And when talking security, whitelisting should be the approach taken to tackle the problem. It is easier to control who is allowed to access your assets than it is to control who is not. It is simply impossible to know all the boogie monsters of the internet.
To protect our assets, we hire a gatekeeper to only let the ones we trust in. Once hired, we give him access to a whitelist we control, and let him do all the heavy lifting.
Continue reading %Asset Access Restriction Methods – Block Unwanted Visitors%
more
{ 0 comments... » Asset Access Restriction Methods – Block Unwanted Visitors read them below or add one }
Post a Comment